prpl documentation
Set up, scan, review, and defend
This is the documentation structure. Individual guides are intentionally marked as content placeholders until their screenshot-backed instructions are authored and reviewed.
Start here
Getting started
Orient each role and route readers to the shortest successful path.
Sign in and set up your account
Cover first GitHub sign-in, account state, and where settings live.
Connect GitHub authentication
Explain OAuth versus a fine-grained token, required scopes, storage, rotation, and revocation.
Connect your first repository
Take a user from authenticated GitHub access to a selected repository and ref.
Scan repositories
Prepare a repository environment
Explain how environment synthesis is triggered, what it builds, and how readiness is verified.
Run a security scan
Cover the first hunt/scan trigger, options, expected stages, and completion signals.
Add and scan more repositories
Cover adding repositories, branches/refs, repeated scans, and repository inventory behavior.
Monitor environments and scan jobs
Map job and environment states to the pages where users inspect progress, logs, and failures.
Schedule recurring scans
Cover cadence selection, pause/resume, last-run state, and schedule failures.
Review and respond
Understand findings
Explain finding groups, evidence, severity, confidence, status, occurrences, and deduplication.
Acknowledge true positives or reject false positives
Document that acknowledgement confirms a true positive and immediately starts Defend patch generation; rejection marks a false positive.
Generate and review patches with Defend
Cover acknowledgement-triggered and bundled patch generation, eligibility, progress, generated patches, and revalidation.
Review and approve a Defend pull request
Explain the two-step PR request/approval flow, GitHub review, and merge handoff.
Maintain repository knowledge
Document knowledge cards, appropriate content, lifecycle, and their effect on later scans.
Archive scans, findings, and history
Explain reversible archive controls, filters, and the boundary with deletion.
Reference
Roles and permissions
Define site roles, mapped ownership, delegated org-admin, membership, repo access, named roles, and capability boundaries.
Scan and finding lifecycle
Provide one canonical state map from repository connection through environment, scan, review, defend, PR, and archive.
GitHub authentication and permissions reference
List GitHub App/OAuth/token permissions, why each exists, and least-privilege alternatives.
Troubleshooting
Route common install, auth, clone, environment, scan, review, defend, PR, and seat failures.